[strongSwan] Mac OS 10.10 Client to Linux Strongswan server HASH N(AUTH_FAILED) error

Jude Oliver judeo at blansys.com
Tue Apr 26 21:39:17 CEST 2016 

I regenerated my certificate many times,  none of them show this  info
about the private key:

  pubkey:    RSA 2048 bits, has private key


Perhaps something is wrong with my steps, or my OS?
The commands  listed on your site state to use these commands:
ipsec pki --gen > caKey.der

ipsec pki --self --in caKey.der --dn "C=CH, O=strongSwan, CN=strongSwan
CA" --ca > caCert.der


Now on my system I cannot use ipsec to do this, I have to use
Strongswan pki --gen > caKey.der

Etc as my ipsec only does this:

ipsec --help
Usage: ipsec <command> <argument ...>
where <command> is one of:


	start			stop
	restart			status
	import			initnss
	checknss		checknflog
	addconn			auto
	barf			cavp
	eroute			ikeping
	klipsdebug		look
	newhostkey		pf_key
	pluto			readwriteconf
	rsasigkey		secrets
	setup			showhostkey
	spi			spigrp
	tncfg			verify
	whack


See also: man ipsec <command> or ipsec <command> --help
See <https://libreswan.org/> for more general info.
Linux Libreswan 3.15 (netkey) on 3.10.0-327.13.1.el7.x86_64


this is what I have installed related to ipsec:
Installed Packages
ipsec-tools.x86_64 
                                0.8.2-1.el7
                                                  @epel
strongswan-libipsec.x86_64
                                5.3.2-1.el7
                                                  @epel


Am I perhaps missing something from my OS?
Thanks for any insights.

________________________________________


Jude Oliver
Support
1100 Poydras St. Suite 1230
New Orleans, LA 70163
Main Office: 504-529-8869
Joliver at blansys.com
www.blanchardsystems.com <http://www.blanchardsystems.com/>

-----------------------------------------------------

Join Blanchard Systems

2016 Tips and Tricks Training Webinars

Check out the Blanchard Systems 2015 FREE monthly Tips & Tricks training
webinars. 
Click Here <http://www.blanchardsystems.com/events/> to view the schedule
and register for one of our upcoming events.









On 4/26/16, 10:40 AM, "Tobias Brunner" <tobias at strongswan.org> wrote:

>> Still no love here, no private key for my left server?
>
>Did you configure your private key in ipsec.secrets [1]?
>
>Once the private key is loaded you should see the following when listing
>your cert:
>
>>   pubkey:    RSA 2048 bits, has private key
>
>Regards,
>Tobias
>
>[1] https://wiki.strongswan.org/projects/strongswan/wiki/RsaSecret
>

More information about the Users mailing list